Re: [squid-users] Fwd: %path% in acl list squid 2.6

On Tue, 17 Aug 2010 22:37:31 +0530, sushi squid <sushi.squid_at_gmail.com>
wrote:
> Thanks JD for the reply,
> My Problem is this ...
> Imagine a system with three accounts:
> 1)Administrator
> 2)John
> 3)Sushi
> I want that in the config file the path should be such that …
> when John logsin he has a different block list and when sushi logs in
> a different black list is loaded
>
> This has to be done with single installation of squid ….
> any ideas ..???

I suggest forgetting loading config on login. That requires that Squid
load and startup during their login, which may not be realistic.
Particularly when running as a system service, or on a different box
altogether.

Find some measure to identify the users inside Squid and structure your
access controls to identify the user before testing the user-specific ACL.
User AD account name would be a good choice here since it's logins you want
to base things on. The mswin_* helpers bundled with squid for windows
builds contact the local AD/SSPI directly.

Each http_access (and other access types) are tested left-to-right along a
line. So a config like this:

 acl userJohn proxy_auth john
 acl userBob proxy_auth bob
 acl userJohnBlocklist dstdomain "C:/userJohnBlocklist.txt"
 acl userBobBlocklist dstdomain "C:/userBobBlocklist.txt"

 http_access allow userJohn !userJohnBlocklist
 http_access allow userBob !userBobBlocklist
 http_access deny all

will only block requests which match "userJohn" using the
"userJohnBlocklist" list. vice versa for "userBob" and his list.

Amos

>
> On 8/17/10, John Doe <jdmls_at_yahoo.com> wrote:
>> From: sushi squid <sushi.squid_at_gmail.com>
>>
>>> I am a newbie in squid ... my squid config file is giving some
strange
>>> error
>>> My OS is Windows XP and squid version is 2.6Stable
>>> In the acl permission list the path is as follows
>>> acl goodsite url_regex -i "%userprofile%/whitelist.txt"
>>
>> Maybe I am wrong but I do not think squid will resolve your
%userprofile%
>> variable...
>>
>> JD
>>
>>
>>
>>
Received on Tue Aug 17 2010 - 23:49:13 MDT